Well, let's start with the basics. What exactly is the problem, e.g. where do you expect that FQDNs show up, which messages exactly are involved, where are they generated and which format do they have? I know this sounds obvious, but I guess we get close to the answer if we have precise info.
Rainer

> -----Original Message-----
> From: [email protected] [mailto:rsyslog-
> [email protected]] On Behalf Of Joe McDonagh
> Sent: Monday, January 17, 2011 7:50 AM
> To: [email protected]
> Subject: [rsyslog] Cannot for the life of me get preservefqdn to work
>
> Right now I currently have compatibility with version 1 on, and I am
> thinking I will build a package for older nodes for version 4, mainly
> because I really need fqdns. Unfortunately when I do a test between two
> version 4 systems, fqdn still doesn't work. Here's some info:
>
> root@syslog:/var/log/hosts/puppet# ps aux | grep rsyslogd | grep -v
> grep
> root 20601 0.0 0.0 29568 1296 ? S 22:26 0:00
> rsyslogd -c4 -m 0 -t61514 -x -r514
>
> root@puppet:~# ps aux | grep rsyslog
> root 30755 0.0 0.0 45844 1284 ? Sl 22:42 0:00
> rsyslogd -c1 -m 0
>
> Now I am not clear if I need PreserveFQDN on both the node and server,
> so I set it on both for kicks. Here is the node config:
>
> # /etc/rsyslog.conf Configuration file for rsyslogd.
> #
> # For more information see
> # /usr/share/doc/rsyslog/html/rsyslog_conf.html
>
> #
> # First some standard logfiles. Log by facility.
> #
>
> $PreserveFQDN on
>
> auth,authpriv.* /var/log/auth.log
> *.*;auth.none;authpriv.none;mail.none;cron.none,daemon.none
> -/var/log/syslog
> cron.* /dev/null
> daemon.* -/var/log/daemon.log
> kern.* -/var/log/kern.log
> lpr.* -/var/log/lpr.log
> mail.* -/var/log/mail.log
> user.* -/var/log/user.log
>
> #
> # Logging for the mail system. Split it up so that
> # it is easy to write scripts to parse these files.
> #
> mail.info -/var/log/mail.info
> mail.warn -/var/log/mail.warn
> mail.err /var/log/mail.err
>
> #
> # Logging for INN news system
> #
> news.crit /var/log/news/news.crit
> news.err /var/log/news/news.err
> news.notice -/var/log/news/news.notice
>
> #
> # Some `catch-all' logfiles.
> #
> *.=debug;\
>     auth,authpriv.none;\
>     news.none;mail.none -/var/log/debug
> *.=info;*.=notice;*.=warn;\
>     auth,authpriv.none;\
>     cron.none;daemon.none;\
>     mail.none,news.none -/var/log/messages
>
> #
> # Emergencies are sent to everybody logged in.
> #
> *.emerg *
>
> # Include all config files in /etc/rsyslog.d/
> $IncludeConfig /etc/rsyslog.d/
>
> And here is the contents of the files in the .d conf dir:
>
> root@puppet:/var/log# cat /etc/rsyslog.d/*
> # Log kernel generated UFW log messages to file
> :msg,contains,"[UFW " /var/log/ufw.log
>
> # Uncomment the following to stop logging anything that matches the
> last
> rule.
> # Doing this will stop logging kernel generated UFW log messages to the
> file
> # normally containing kern.* messages (eg, /var/log/kern.log)
> #& ~
> *.*,cron.none @@127.0.0.1:61514
>
> Here is the server config:
>
> # Config file for splitting up logs by hostname and related syslog
> server
> # configs
>
> # Show FQDNs
> $PreserveFQDN on
>
> # Discard collectd stuff
> if $syslogtag contains 'collectd' then ~
>
> # Discard cron stuff
> if $syslogtag contains 'CRON' then ~
>
> # Custom log files first since we may discard things like apache2
> messages
> # later on down.
>
> # Aggregate of corporate website logs
> $template DYNcorpsite, "/var/log/custom/corpsite_apache2.log"
>
> if $source != 'localhost' \
>     and $HOSTNAME startswith 'www' \
>     and $syslogtag contains 'apache2' \
>     then ?DYNcorpsite
>
> if $source != 'localhost' \
>     and $HOSTNAME contains 'updates' \
>     and $syslogfacility-text == 'r7license_server' \
>     then ?DYNr7license_servers
>
> # Aggregate of smtp gateway logs
> $template DYNsmtp_gateways, "/var/log/custom/smtp_gateways.log"
>
> if $source != 'localhost' \
>     and $HOSTNAME startswith 'smtp' \
>     and $syslogfacility-text == 'mail' \
>     then ?DYNsmtp_gateways
>
> # List of log files without loglevel separation
> $template DYNapache2,
> "/var/log/hosts/%HOSTNAME%/apache2.log"
> $template DYNauth_all, "/var/log/hosts/%HOSTNAME%/auth.log"
> $template DYNcron_all, "/var/log/hosts/%HOSTNAME%/cron.log"
> $template DYNdaemon_all, "/var/log/hosts/%HOSTNAME%/daemon.log"
> $template DYNdhcpd, "/var/log/hosts/%HOSTNAME%/dhcpd.log"
> $template DYNkern_all, "/var/log/hosts/%HOSTNAME%/kern.log"
> $template DYNlpr_all, "/var/log/hosts/%HOSTNAME%/lpr.log"
> $template DYNmail_all, "/var/log/hosts/%HOSTNAME%/mail.log"
> $template DYNnamed, "/var/log/hosts/%HOSTNAME%/named.log"
> $template DYNsshd, "/var/log/hosts/%HOSTNAME%/sshd.log"
> $template DYNsyslog_all, "/var/log/hosts/%HOSTNAME%/syslog"
> $template DYNuser_all, "/var/log/hosts/%HOSTNAME%/user.log"
>
> # First separate interesting tags then discard to lower
> # duplication
> if $source != 'localhost' \
>     and $syslogtag contains 'apache2' \
>     then ?DYNapache2
>
> if $syslogtag contains 'apache2' then ~
>
> if $source != 'localhost' \
>     and $syslogtag contains 'dhcpd' \
>     then ?DYNdhcpd
>
> if $syslogtag contains 'dhcpd' then ~
>
> if $source != 'localhost' \
>     and $syslogtag contains 'named' \
>     then ?DYNnamed
>
> if $syslogtag contains 'named' then ~
>
> # Here are regular facility-based separating
> if $source != 'localhost' \
>     and ( \
>     $syslogfacility-text == 'auth' \
>     or $syslogfacility-text == 'authpriv' \
>     ) \
>     then ?DYNauth_all
>
> if $source != 'localhost' \
>     and $syslogfacility-text == 'cron' \
>     then ?DYNcron_all
>
> if $source != 'localhost' \
>     and $syslogfacility-text == 'daemon' \
>     then ?DYNdaemon_all
>
> if $source != 'localhost' \
>     and $syslogfacility-text == 'kern' \
>     then ?DYNkern_all
>
> if $source != 'localhost' \
>     and $syslogfacility-text == 'lpr' \
>     then ?DYNlpr_all
>
> if $source != 'localhost' \
>     and $syslogfacility-text == 'mail' \
>     then ?DYNmail_all
>
> if $source != 'localhost' \
>     and $syslogtag contains 'sshd' \
>     then ?DYNsshd
>
> if $source != 'localhost' \
>     and $syslogfacility-text != 'authpriv' \
>     then ?DYNsyslog_all
>
> if $source != 'localhost' \
>     and $syslogfacility-text == 'user' \
>     then ?DYNuser_all
>
> # Logging for the mail system.
> $template DYNmail_info, "/var/log/hosts/%HOSTNAME%/mail.info"
> $template DYNmail_warn, "/var/log/hosts/%HOSTNAME%/mail.warn"
> $template DYNmail_err, "/var/log/hosts/%HOSTNAME%/mail.err"
>
> if $source != 'localhost' \
>     and ( \
>     $syslogfacility-text == 'mail' \
>     and $syslogseverity-text == 'info' \
>     ) \
>     then ?DYNmail_info
>
> if $source != 'localhost' \
>     and ( \
>     $syslogfacility-text == 'mail' \
>     and $syslogseverity-text == 'warn' \
>     ) \
>     then ?DYNmail_warn
>
> if $source != 'localhost' \
>     and ( \
>     $syslogfacility-text == 'mail' \
>     and $syslogseverity-text == 'err' \
>     ) \
>     then ?DYNmail_err
>
> # Catch-all log files
> $template DYNdebug, "/var/log/hosts/%HOSTNAME%/debug"
> $template DYNmessages, "/var/log/hosts/%HOSTNAME%/messages"
>
> if $source != 'localhost' \
>     and $syslogseverity-text == 'debug' \
>     then ?DYNdebug
>
> if $source != 'localhost' \
>     and ( \
>     $syslogseverity-text == 'info' \
>     or $syslogseverity-text == 'notice' \
>     or $syslogseverity-text == 'warn' \
>     ) \
>     and ( \
>     $syslogfacility-text != 'auth' \
>     or $syslogfacility-text != 'authpriv' \
>     or $syslogfacility-text != 'cron' \
>     or $syslogfacility-text != 'daemon' \
>     or $syslogfacility-text != 'mail' \
>     or $syslogfacility-text != 'news' \
>     ) \
>     then ?DYNmessages
>
> # Include all config files in /etc/rsyslog.d/
> $IncludeConfig /etc/rsyslog.d/
>
> ------
>
> I can't figure this out. The messages still only show the short
> hostname
> in both the node and server logs. Any ideas?
>
>
> --
> Joe McDonagh
> Operations Engineer
> AIM: YoosingYoonickz
> IRC: joe-mac on freenode
> "When the going gets weird, the weird turn pro."
>
> _______________________________________________
> rsyslog mailing list
> http://lists.adiscon.net/mailman/listinfo/rsyslog
> http://www.rsyslog.com
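Added example, not part of the original thread and not rsyslog code: a small Python check for the questions raised in the reply above (which messages, generated where, in which format). It reads traditional RFC 3164 style lines, either as captured on the wire (with a leading `<PRI>`) or as written to a log file, and reports whether the HOSTNAME field at each stage is a short name, an FQDN or an IP address. The sample lines and the name `puppet.example.com` are constructed.

```python
import ipaddress
import re

# Optional <PRI> (present on the wire, absent in files), RFC 3164 timestamp,
# then the HOSTNAME field. A message sent without a HOSTNAME field would have
# its tag reported as the host, so check odd-looking results by hand.
LINE_RE = re.compile(
    r"^(?:<(?P<pri>\d{1,3})>)?"
    r"[A-Z][a-z]{2} [ \d]\d \d{2}:\d{2}:\d{2} "
    r"(?P<host>\S+) "
)

def classify(host):
    """Return 'ip', 'fqdn' or 'short' for a HOSTNAME field."""
    try:
        ipaddress.ip_address(host)
        return "ip"
    except ValueError:
        return "fqdn" if "." in host.strip(".") else "short"

def hostname_report(lines):
    """Return (sorted rows of (stage, host, kind), count of unparsed lines)."""
    rows, unparsed = set(), 0
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            unparsed += 1
            continue
        stage = "wire" if m.group("pri") is not None else "file"
        rows.add((stage, m.group("host"), classify(m.group("host"))))
    return sorted(rows), unparsed

def short_names(lines):
    """Stages and hosts where only a short hostname was seen."""
    return [(s, h) for s, h, k in hostname_report(lines)[0] if k == "short"]

# Constructed sample: one captured wire message and three file lines.
SAMPLE = [
    "<38>Jan 17 22:42:01 puppet sshd[1234]: Accepted publickey for root",
    "Jan 17 22:42:01 puppet sshd[1234]: Accepted publickey for root",
    "Jan 17 22:43:10 puppet.example.com cron[99]: job started",
    "Jan  7 02:00:00 192.0.2.10 kernel: link up",
    "not a syslog line",
]

if __name__ == "__main__":
    rows, unparsed = hostname_report(SAMPLE)
    for stage, host, kind in rows:
        print(f"{stage:5} {kind:5} {host}")
    print("unparsed lines:", unparsed)
```

Running it over a capture taken on the sending node and over the file written on the server shows at which stage the short name first appears.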

